Avaya AADS + Equinox Configuration File

Status
Not open for further replies.

Govarlo (IS-IT--Management; joined Jun 3, 2019; messages: 3; location: US)

Hi Guys,

I'm currently setting up AADS in my lab environment, but I'm facing some challenges generating the SIPHA1 key and getting the Equinox Client configured by URL. At the moment I have LDAP configured and am getting a successful response from the AD server for Enterprise Directory search on my Avaya Equinox Client.

For the SIPHA1 issue, I go to AADS >> Dynamic Configuration >> Configuration and do a search by User, getting only the following parameters under the Discovered tab:

SIP_CONTROLLER_LIST 1xx.1xx.17.33:5060;transport=TCP,1xx.1xx.17.33:5060;transport=UDP,1xx.1xx.17.33:5061;transport=TLS,1xx.1xx.17.34:5060;transport=TCP,1xx.1xx.17.34:5060;transport=UDP,1xx.1xx.17.34:5061;transport=TLS
SIPPORT 5060
SIPPROXYSRVR 1xx.1xx.17.33
SIPSECURE 0

I'm not sure why I'm getting port 5060, because I do have TLS enabled and SIP port 5061 defined on my Equinox Client side. Does anyone know if this is the normal output for the Discovery Tab?


The second issue I have is that I'm not getting the SIPHA1 key output at all, and I suspect this is because the client is not able to send any traffic to the AADS server because of the TLS issue in the first issue.

At the moment the only way I can get my AADS server registered with my Equinox client is by doing Manual Configuration on the client side, but as far as I know this is not the case when implementing an AADS server, so I need to understand how to use the auto-config URL, where I can get it on the AADS server, and whether anyone has been in the same situation.

Thanks for your help.
 
Well, if you look at the PPM configuration that SM delivers to a SIP phone, it usually includes a list of proxies - to say, all SMs that are part of that user's profile - and for those proxies it also provides port and transport - so, if UDP and TCP listen on 5060 and TLS on 5061, you'd see all 3 pushed to the phone - so I'd say that's 'normal'.

The phone should pick its favorite/most secure. Either way, when building your config for AADS, you can explicitly define various settings - and something like SIP controller list would be a good one. Might I recommend using FQDN instead of IP, otherwise you'll need to turn off cert verification in your clients.
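
The controller-list format and the FQDN advice in the reply above, as an added example that is not part of the original thread: a small Python check that parses a SIP_CONTROLLER_LIST value and separates cleartext entries, TLS entries addressed by IP, and TLS entries addressed by FQDN. The sample value, hostnames and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample in the same format as the Discovered-tab value in the
# thread; addresses and hostname are placeholders, not values from the post.
SAMPLE = ("192.0.2.33:5060;transport=TCP,192.0.2.33:5060;transport=UDP,"
          "192.0.2.33:5061;transport=TLS,sm2.example.com:5061;transport=TLS")

class Controller(NamedTuple):
    host: str
    port: int
    transport: str

def parse_controller_list(value: str) -> list[Controller]:
    """Split 'host:port;transport=X,...' into structured entries."""
    entries = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        hostport, _, params = item.partition(";")
        host, sep, port = hostport.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"missing or bad port in {item!r}")
        transport = ""
        for param in params.split(";"):
            key, _, val = param.partition("=")
            if key.strip().lower() == "transport":
                transport = val.strip().upper()
        if not transport:
            raise ValueError(f"missing transport in {item!r}")
        entries.append(Controller(host, int(port), transport))
    return entries

def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals (IPv6 may be bracketed), False for names."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def audit(value: str) -> dict[str, list[Controller]]:
    """Group entries: cleartext, TLS by IP (the case the reply warns about), TLS by FQDN."""
    report = {"cleartext": [], "tls_ip_literal": [], "tls_fqdn": []}
    for c in parse_controller_list(value):
        if c.transport != "TLS":
            report["cleartext"].append(c)
        elif is_ip_literal(c.host):
            report["tls_ip_literal"].append(c)
        else:
            report["tls_fqdn"].append(c)
    return report
```

Entries in `tls_ip_literal` are the ones the reply's FQDN recommendation applies to; entries in `cleartext` are the TCP/UDP listeners that appear alongside TLS in the pushed list.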
 
Thanks kyle555 for your response. You are correct, the AADS SIP Controller list is already defined with the AADS FQDN server name, 5061 and TLS settings; however, my biggest problem here is that the SIPHA1 parameter is not being created, and I have no clue what and where to look to confirm if the settings are correct or not.

At the moment I can say that the certificate that I'm installing on the Equinox client might be a problem because it has a .p12 extension and it is asking me for the Identity Certificate password, which I configured during the initial configuration with the SMGR Console App Config menu, but it is accepted by the Equinox Client after the correct password is input.

Not sure where the conversion from .p12 to .crt needs to be done, or if the .crt certificate that I need to use comes from SMGR instead of the AADS server.

Any ideas?
 
SIPHA1 is the SIP password. If you use it, then AADS should push it to the Equinox client so all users need is their LDAP login.

Rerun auto-config on Equinox. A support article says that changing your password for AD in the Equinox client wipes out the previous password stored for SIPHA1.

Re: p12 - that's a cert with a private key and it has a password. You don't need that unless you're doing mutual TLS on SM or an SBC - to say, that your client when making a TLS connection gets the SM/SBC cert and then SM/SBC requires the client to present a cert of its own. If you're doing things where SMGR is the CA that signed the SM certificates, then getting the SMGR CA cert from Security --> Authorities and adding that to your PC's trusted root CAs should be enough.
 
Understood, but why is my AADS server not passing the certificate to the Equinox Client? Why do I still have to manually install a .p12 certificate to make the SIP extension register with SM? It makes no sense to me to have an appliance that is not passing the certificates to the clients when using SMGR as a CA Authority, and the Truststore on AADS is showing the SMGRCA certificate there. Do you know how to obtain the .pem or the .crt certificate that makes the Equinox client work? It will be nice to obtain this file and put the location path in my configuration file.

Regards,
 
p12 - probably because SM is set to mutual TLS in global settings.

To install a p12, you can SET PKCS12URL, but that's only for hardphones.
Page 58:

It specifies that iOS and Android can use SCEP or PKCS12URL, but Windows or Mac is a manual installation or a group policy.
 